The following two security updates are available for Slackware: apr/apr-util (SSA:2011-133-01) and httpd (SSA:2011-133-02)

[slackware-security] apr/apr-util (SSA:2011-133-01)

New apr and apr-util packages are available for Slackware 11.0, 12.0, 12.1,12.2, 13.0, 13.1, 13.37, and -current to fix a security issue.

Here are the details from the Slackware 13.37 ChangeLog:+--------------------------+patches/packages/apr-1.4.4-i486-1_slack13.37.txz: Upgraded. This fixes a possible denial of service due to an unconstrained, recursive invocation of apr_fnmatch(). This function has been reimplemented using a non-recursive algorithm. Thanks to William Rowe. For more information, see:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419 (* Security fix *)patches/packages/apr-util-1.3.11-i486-1_slack13.37.txz: Upgraded.+--------------------------+

Where to find the new packages:+-----------------------------+

HINT: Getting slow download speeds from ftp.slackware.com?Give slackware.osuosl.org a try. This is another primary FTP sitefor Slackware that can be considerably faster than downloadingdirectly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab(http://osuosl.org) for donating additional FTP and rsync hostingto the Slackware project! :-)

New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1,13.37, and -current. These have been compiled against the new versions ofapr and apr-util, which were upgraded to fix a security issue that affectsApache httpd. It is recommended that all three updates be applied.

Here are the details from the Slackware 13.37 ChangeLog:+--------------------------+patches/packages/httpd-2.2.18-i486-1_slack13.37.txz: Upgraded. This is a bug fix release, but since the upgrades to apr/apr-util require at least an httpd recompile we opted to upgrade to the newest httpd.+--------------------------+

Where to find the new packages:+-----------------------------+

HINT: Getting slow download speeds from ftp.slackware.com?Give slackware.osuosl.org a try. This is another primary FTP sitefor Slackware that can be considerably faster than downloadingdirectly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab(http://osuosl.org) for donating additional FTP and rsync hostingto the Slackware project! :-)